[latentpot]

QUIC is the standard problem across n number of clients who choose Zscaler and similar content inspection tools. You can block it at the policy level but you also need to have it disabled at the browser level. Which sometimes magically turns on again and leads to a flurry of tickets for 'slow internet', 'Google search not working' etcetera.

[watermelon0]

Wouldn't the issue in this case be with Zscaler, and not with QUIC?

[chgs]

The problem here is choosing software like zscaler

[mcosta]

Zscaler is not chosen, it is imposed by the corporation

[v1ne]

Hmm, interesting. We also have a policies imposed by the Regulator™ that leads to us inspecting all web traffic. All web traffic goes through a proxy that's configured in the web browser. No proxy, no internet.

Out of curiosity: What's your use case to use ZScaler for this inspection instead?

[chgs]

You hairpin traffic through your own vpn?

How does MITM work with QUIC?